^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) =====
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) Usage
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) =====
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) This module supports the SMB3 family of advanced network protocols (as well
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) as older dialects, originally called "CIFS" or SMB1).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) The CIFS VFS module for Linux supports many advanced network filesystem
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) features such as hierarchical DFS like namespace, hardlinks, locking and more.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) It was designed to comply with the SNIA CIFS Technical Reference (which
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) supersedes the 1992 X/Open SMB Standard) as well as to perform best practice
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) practical interoperability with Windows 2000, Windows XP, Samba and equivalent
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) servers. This code was developed in participation with the Protocol Freedom
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) Information Foundation. CIFS and now SMB3 has now become a defacto
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) standard for interoperating between Macs and Windows and major NAS appliances.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) Please see
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) MS-SMB2 (for detailed SMB2/SMB3/SMB3.1.1 protocol specification)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) or https://samba.org/samba/PFIF/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) for more details.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) For questions or bug reports please contact:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) smfrench@gmail.com
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) See the project page at: https://wiki.samba.org/index.php/LinuxCIFS_utils
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) Build instructions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) ==================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) For Linux:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) 1) Download the kernel (e.g. from https://www.kernel.org)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) and change directory into the top of the kernel directory tree
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) (e.g. /usr/src/linux-2.5.73)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) 2) make menuconfig (or make xconfig)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) 3) select cifs from within the network filesystem choices
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) 4) save and exit
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) 5) make
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) Installation instructions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) =========================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) If you have built the CIFS vfs as module (successfully) simply
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) type ``make modules_install`` (or if you prefer, manually copy the file to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) the modules directory e.g. /lib/modules/2.4.10-4GB/kernel/fs/cifs/cifs.ko).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) If you have built the CIFS vfs into the kernel itself, follow the instructions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) for your distribution on how to install a new kernel (usually you
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) would simply type ``make install``).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) If you do not have the utility mount.cifs (in the Samba 4.x source tree and on
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) the CIFS VFS web site) copy it to the same directory in which mount helpers
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) reside (usually /sbin). Although the helper software is not
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) required, mount.cifs is recommended. Most distros include a ``cifs-utils``
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) package that includes this utility so it is recommended to install this.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) Note that running the Winbind pam/nss module (logon service) on all of your
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) Linux clients is useful in mapping Uids and Gids consistently across the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) domain to the proper network user. The mount.cifs mount helper can be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) found at cifs-utils.git on git.samba.org
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) If cifs is built as a module, then the size and number of network buffers
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) and maximum number of simultaneous requests to one server can be configured.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) Changing these from their defaults is not recommended. By executing modinfo::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) modinfo kernel/fs/cifs/cifs.ko
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) on kernel/fs/cifs/cifs.ko the list of configuration changes that can be made
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72) at module initialization time (by running insmod cifs.ko) can be seen.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) Recommendations
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) ===============
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) To improve security the SMB2.1 dialect or later (usually will get SMB3) is now
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) the new default. To use old dialects (e.g. to mount Windows XP) use "vers=1.0"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) on mount (or vers=2.0 for Windows Vista). Note that the CIFS (vers=1.0) is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) much older and less secure than the default dialect SMB3 which includes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81) many advanced security features such as downgrade attack detection
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) and encrypted shares and stronger signing and authentication algorithms.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83) There are additional mount options that may be helpful for SMB3 to get
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84) improved POSIX behavior (NB: can use vers=3.0 to force only SMB3, never 2.1):
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86) ``mfsymlinks`` and ``cifsacl`` and ``idsfromsid``
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88) Allowing User Mounts
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89) ====================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91) To permit users to mount and unmount over directories they own is possible
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92) with the cifs vfs. A way to enable such mounting is to mark the mount.cifs
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93) utility as suid (e.g. ``chmod +s /sbin/mount.cifs``). To enable users to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94) umount shares they mount requires
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96) 1) mount.cifs version 1.4 or later
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 97) 2) an entry for the share in /etc/fstab indicating that a user may
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98) unmount it e.g.::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) //server/usersharename /mnt/username cifs user 0 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) Note that when the mount.cifs utility is run suid (allowing user mounts),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) in order to reduce risks, the ``nosuid`` mount flag is passed in on mount to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) disallow execution of an suid program mounted on the remote target.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) When mount is executed as root, nosuid is not passed in by default,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) and execution of suid programs on the remote target would be enabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) by default. This can be changed, as with nfs and other filesystems,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) by simply specifying ``nosuid`` among the mount options. For user mounts
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) though to be able to pass the suid flag to mount requires rebuilding
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) mount.cifs with the following flag: CIFS_ALLOW_USR_SUID
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) There is a corresponding manual page for cifs mounting in the Samba 3.0 and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) later source tree in docs/manpages/mount.cifs.8
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) Allowing User Unmounts
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) ======================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) To permit users to ummount directories that they have user mounted (see above),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) the utility umount.cifs may be used. It may be invoked directly, or if
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) umount.cifs is placed in /sbin, umount can invoke the cifs umount helper
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) (at least for most versions of the umount utility) for umount of cifs
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) mounts, unless umount is invoked with -i (which will avoid invoking a umount
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) helper). As with mount.cifs, to enable user unmounts umount.cifs must be marked
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) as suid (e.g. ``chmod +s /sbin/umount.cifs``) or equivalent (some distributions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) allow adding entries to a file to the /etc/permissions file to achieve the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) equivalent suid effect). For this utility to succeed the target path
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) must be a cifs mount, and the uid of the current user must match the uid
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) of the user who mounted the resource.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) Also note that the customary way of allowing user mounts and unmounts is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) (instead of using mount.cifs and unmount.cifs as suid) to add a line
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) to the file /etc/fstab for each //server/share you wish to mount, but
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) this can become unwieldy when potential mount targets include many
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) or unpredictable UNC names.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) Samba Considerations
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) ====================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) Most current servers support SMB2.1 and SMB3 which are more secure,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) but there are useful protocol extensions for the older less secure CIFS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) dialect, so to get the maximum benefit if mounting using the older dialect
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) (CIFS/SMB1), we recommend using a server that supports the SNIA CIFS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) Unix Extensions standard (e.g. almost any version of Samba ie version
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) 2.2.5 or later) but the CIFS vfs works fine with a wide variety of CIFS servers.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) Note that uid, gid and file permissions will display default values if you do
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) not have a server that supports the Unix extensions for CIFS (such as Samba
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) 2.2.5 or later). To enable the Unix CIFS Extensions in the Samba server, add
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) the line::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) unix extensions = yes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) to your smb.conf file on the server. Note that the following smb.conf settings
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) are also useful (on the Samba server) when the majority of clients are Unix or
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) Linux::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) case sensitive = yes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) delete readonly = yes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) ea support = yes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) Note that server ea support is required for supporting xattrs from the Linux
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) cifs client, and that EA support is present in later versions of Samba (e.g.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) 3.0.6 and later (also EA support works in all versions of Windows, at least to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) shares on NTFS filesystems). Extended Attribute (xattr) support is an optional
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) feature of most Linux filesystems which may require enabling via
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) make menuconfig. Client support for extended attributes (user xattr) can be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166) disabled on a per-mount basis by specifying ``nouser_xattr`` on mount.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to Samba servers
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) version 3.10 and later. Setting POSIX ACLs requires enabling both XATTR and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) then POSIX support in the CIFS configuration options when building the cifs
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) module. POSIX ACL support can be disabled on a per mount basic by specifying
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) ``noacl`` on mount.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) Some administrators may want to change Samba's smb.conf ``map archive`` and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) ``create mask`` parameters from the default. Unless the create mask is changed
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) newly created files can end up with an unnecessarily restrictive default mode,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) which may not be what you want, although if the CIFS Unix extensions are
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) enabled on the server and client, subsequent setattr calls (e.g. chmod) can
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) fix the mode. Note that creating special devices (mknod) remotely
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) may require specifying a mkdev function to Samba if you are not using
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) Samba 3.0.6 or later. For more information on these see the manual pages
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) (``man smb.conf``) on the Samba server system. Note that the cifs vfs,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) unlike the smbfs vfs, does not read the smb.conf on the client system
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) (the few optional settings are passed in on mount via -o parameters instead).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) Note that Samba 2.2.7 or later includes a fix that allows the CIFS VFS to delete
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186) open files (required for strict POSIX compliance). Windows Servers already
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) supported this feature. Samba server does not allow symlinks that refer to files
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) outside of the share, so in Samba versions prior to 3.0.6, most symlinks to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) files with absolute paths (ie beginning with slash) such as::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) ln -s /mnt/foo bar
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) would be forbidden. Samba 3.0.6 server or later includes the ability to create
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) such symlinks safely by converting unsafe symlinks (ie symlinks to server
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) files that are outside of the share) to a samba specific format on the server
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) that is ignored by local server applications and non-cifs clients and that will
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) not be traversed by the Samba server). This is opaque to the Linux client
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) application using the cifs vfs. Absolute symlinks will work to Samba 3.0.5 or
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) later, but only for remote clients using the CIFS Unix extensions, and will
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) be invisbile to Windows clients and typically will not affect local
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) applications running on the same server as Samba.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) Use instructions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) ================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) Once the CIFS VFS support is built into the kernel or installed as a module
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) (cifs.ko), you can use mount syntax like the following to access Samba or
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) Mac or Windows servers::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) mount -t cifs //9.53.216.11/e$ /mnt -o username=myname,password=mypassword
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) Before -o the option -v may be specified to make the mount.cifs
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) mount helper display the mount steps more verbosely.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214) After -o the following commonly used cifs vfs specific options
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215) are supported::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) username=<username>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) password=<password>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219) domain=<domain name>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221) Other cifs mount options are described below. Use of TCP names (in addition to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 222) ip addresses) is available if the mount helper (mount.cifs) is installed. If
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223) you do not trust the server to which are mounted, or if you do not have
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224) cifs signing enabled (and the physical network is insecure), consider use
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) of the standard mount options ``noexec`` and ``nosuid`` to reduce the risk of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226) running an altered binary on your local system (downloaded from a hostile server
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) or altered by a hostile router).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229) Although mounting using format corresponding to the CIFS URL specification is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) not possible in mount.cifs yet, it is possible to use an alternate format
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231) for the server and sharename (which is somewhat similar to NFS style mount
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232) syntax) instead of the more widely used UNC format (i.e. \\server\share)::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234) mount -t cifs tcp_name_of_server:share_name /mnt -o user=myname,pass=mypasswd
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236) When using the mount helper mount.cifs, passwords may be specified via alternate
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) mechanisms, instead of specifying it after -o using the normal ``pass=`` syntax
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238) on the command line:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239) 1) By including it in a credential file. Specify credentials=filename as one
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) of the mount options. Credential files contain two lines::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242) username=someuser
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243) password=your_password
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245) 2) By specifying the password in the PASSWD environment variable (similarly
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246) the user name can be taken from the USER environment variable).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 247) 3) By specifying the password in a file by name via PASSWD_FILE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248) 4) By specifying the password in a file by file descriptor via PASSWD_FD
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250) If no password is provided, mount.cifs will prompt for password entry
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 251)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252) Restrictions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253) ============
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255) Servers must support either "pure-TCP" (port 445 TCP/IP CIFS connections) or RFC
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 256) 1001/1002 support for "Netbios-Over-TCP/IP." This is not likely to be a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257) problem as most servers support this.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259) Valid filenames differ between Windows and Linux. Windows typically restricts
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260) filenames which contain certain reserved characters (e.g.the character :
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261) which is used to delimit the beginning of a stream name by Windows), while
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262) Linux allows a slightly wider set of valid characters in filenames. Windows
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263) servers can remap such characters when an explicit mapping is specified in
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264) the Server's registry. Samba starting with version 3.10 will allow such
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265) filenames (ie those which contain valid Linux characters, which normally
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) would be forbidden for Windows/CIFS semantics) as long as the server is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267) configured for Unix Extensions (and the client has not disabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 268) /proc/fs/cifs/LinuxExtensionsEnabled). In addition the mount option
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269) ``mapposix`` can be used on CIFS (vers=1.0) to force the mapping of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 270) illegal Windows/NTFS/SMB characters to a remap range (this mount parm
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271) is the default for SMB3). This remap (``mapposix``) range is also
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 272) compatible with Mac (and "Services for Mac" on some older Windows).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 274) CIFS VFS Mount Options
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275) ======================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 276) A partial list of the supported mount options follows:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 277)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278) username
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 279) The user name to use when trying to establish
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280) the CIFS session.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 281) password
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 282) The user password. If the mount helper is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 283) installed, the user will be prompted for password
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 284) if not supplied.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 285) ip
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 286) The ip address of the target server
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 287) unc
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 288) The target server Universal Network Name (export) to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 289) mount.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 290) domain
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 291) Set the SMB/CIFS workgroup name prepended to the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 292) username during CIFS session establishment
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 293) forceuid
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 294) Set the default uid for inodes to the uid
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295) passed in on mount. For mounts to servers
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 296) which do support the CIFS Unix extensions, such as a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 297) properly configured Samba server, the server provides
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 298) the uid, gid and mode so this parameter should not be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 299) specified unless the server and clients uid and gid
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 300) numbering differ. If the server and client are in the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 301) same domain (e.g. running winbind or nss_ldap) and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 302) the server supports the Unix Extensions then the uid
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 303) and gid can be retrieved from the server (and uid
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 304) and gid would not have to be specified on the mount.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 305) For servers which do not support the CIFS Unix
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 306) extensions, the default uid (and gid) returned on lookup
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 307) of existing files will be the uid (gid) of the person
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 308) who executed the mount (root, except when mount.cifs
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 309) is configured setuid for user mounts) unless the ``uid=``
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 310) (gid) mount option is specified. Also note that permission
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 311) checks (authorization checks) on accesses to a file occur
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 312) at the server, but there are cases in which an administrator
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 313) may want to restrict at the client as well. For those
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 314) servers which do not report a uid/gid owner
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 315) (such as Windows), permissions can also be checked at the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 316) client, and a crude form of client side permission checking
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 317) can be enabled by specifying file_mode and dir_mode on
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 318) the client. (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 319) forcegid
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 320) (similar to above but for the groupid instead of uid) (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 321) noforceuid
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 322) Fill in file owner information (uid) by requesting it from
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 323) the server if possible. With this option, the value given in
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 324) the uid= option (on mount) will only be used if the server
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 325) can not support returning uids on inodes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 326) noforcegid
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 327) (similar to above but for the group owner, gid, instead of uid)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 328) uid
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 329) Set the default uid for inodes, and indicate to the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 330) cifs kernel driver which local user mounted. If the server
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 331) supports the unix extensions the default uid is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 332) not used to fill in the owner fields of inodes (files)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 333) unless the ``forceuid`` parameter is specified.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 334) gid
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 335) Set the default gid for inodes (similar to above).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 336) file_mode
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 337) If CIFS Unix extensions are not supported by the server
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 338) this overrides the default mode for file inodes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 339) fsc
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 340) Enable local disk caching using FS-Cache (off by default). This
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 341) option could be useful to improve performance on a slow link,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 342) heavily loaded server and/or network where reading from the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 343) disk is faster than reading from the server (over the network).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 344) This could also impact scalability positively as the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 345) number of calls to the server are reduced. However, local
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 346) caching is not suitable for all workloads for e.g. read-once
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 347) type workloads. So, you need to consider carefully your
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 348) workload/scenario before using this option. Currently, local
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 349) disk caching is functional for CIFS files opened as read-only.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 350) dir_mode
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 351) If CIFS Unix extensions are not supported by the server
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 352) this overrides the default mode for directory inodes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 353) port
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 354) attempt to contact the server on this tcp port, before
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 355) trying the usual ports (port 445, then 139).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 356) iocharset
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 357) Codepage used to convert local path names to and from
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 358) Unicode. Unicode is used by default for network path
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 359) names if the server supports it. If iocharset is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 360) not specified then the nls_default specified
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 361) during the local client kernel build will be used.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 362) If server does not support Unicode, this parameter is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 363) unused.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 364) rsize
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 365) default read size (usually 16K). The client currently
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 366) can not use rsize larger than CIFSMaxBufSize. CIFSMaxBufSize
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 367) defaults to 16K and may be changed (from 8K to the maximum
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 368) kmalloc size allowed by your kernel) at module install time
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 369) for cifs.ko. Setting CIFSMaxBufSize to a very large value
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 370) will cause cifs to use more memory and may reduce performance
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 371) in some cases. To use rsize greater than 127K (the original
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 372) cifs protocol maximum) also requires that the server support
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 373) a new Unix Capability flag (for very large read) which some
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 374) newer servers (e.g. Samba 3.0.26 or later) do. rsize can be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 375) set from a minimum of 2048 to a maximum of 130048 (127K or
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 376) CIFSMaxBufSize, whichever is smaller)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 377) wsize
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 378) default write size (default 57344)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 379) maximum wsize currently allowed by CIFS is 57344 (fourteen
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 380) 4096 byte pages)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 381) actimeo=n
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 382) attribute cache timeout in seconds (default 1 second).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 383) After this timeout, the cifs client requests fresh attribute
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 384) information from the server. This option allows to tune the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 385) attribute cache timeout to suit the workload needs. Shorter
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 386) timeouts mean better the cache coherency, but increased number
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 387) of calls to the server. Longer timeouts mean reduced number
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 388) of calls to the server at the expense of less stricter cache
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 389) coherency checks (i.e. incorrect attribute cache for a short
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 390) period of time).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 391) rw
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 392) mount the network share read-write (note that the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 393) server may still consider the share read-only)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 394) ro
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 395) mount network share read-only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 396) version
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 397) used to distinguish different versions of the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 398) mount helper utility (not typically needed)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 399) sep
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 400) if first mount option (after the -o), overrides
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 401) the comma as the separator between the mount
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 402) parms. e.g.::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 403)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 404) -o user=myname,password=mypassword,domain=mydom
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 405)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 406) could be passed instead with period as the separator by::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 407)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 408) -o sep=.user=myname.password=mypassword.domain=mydom
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 409)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 410) this might be useful when comma is contained within username
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 411) or password or domain. This option is less important
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 412) when the cifs mount helper cifs.mount (version 1.1 or later)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 413) is used.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 414) nosuid
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 415) Do not allow remote executables with the suid bit
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 416) program to be executed. This is only meaningful for mounts
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 417) to servers such as Samba which support the CIFS Unix Extensions.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 418) If you do not trust the servers in your network (your mount
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 419) targets) it is recommended that you specify this option for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 420) greater security.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 421) exec
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 422) Permit execution of binaries on the mount.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 423) noexec
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 424) Do not permit execution of binaries on the mount.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 425) dev
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 426) Recognize block devices on the remote mount.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 427) nodev
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 428) Do not recognize devices on the remote mount.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 429) suid
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 430) Allow remote files on this mountpoint with suid enabled to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 431) be executed (default for mounts when executed as root,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 432) nosuid is default for user mounts).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 433) credentials
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 434) Although ignored by the cifs kernel component, it is used by
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 435) the mount helper, mount.cifs. When mount.cifs is installed it
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 436) opens and reads the credential file specified in order
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 437) to obtain the userid and password arguments which are passed to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 438) the cifs vfs.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 439) guest
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 440) Although ignored by the kernel component, the mount.cifs
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 441) mount helper will not prompt the user for a password
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 442) if guest is specified on the mount options. If no
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 443) password is specified a null password will be used.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 444) perm
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 445) Client does permission checks (vfs_permission check of uid
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 446) and gid of the file against the mode and desired operation),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 447) Note that this is in addition to the normal ACL check on the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 448) target machine done by the server software.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 449) Client permission checking is enabled by default.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 450) noperm
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 451) Client does not do permission checks. This can expose
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 452) files on this mount to access by other users on the local
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 453) client system. It is typically only needed when the server
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 454) supports the CIFS Unix Extensions but the UIDs/GIDs on the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 455) client and server system do not match closely enough to allow
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 456) access by the user doing the mount, but it may be useful with
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 457) non CIFS Unix Extension mounts for cases in which the default
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 458) mode is specified on the mount but is not to be enforced on the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 459) client (e.g. perhaps when MultiUserMount is enabled)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 460) Note that this does not affect the normal ACL check on the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 461) target machine done by the server software (of the server
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 462) ACL against the user name provided at mount time).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 463) serverino
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 464) Use server's inode numbers instead of generating automatically
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 465) incrementing inode numbers on the client. Although this will
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 466) make it easier to spot hardlinked files (as they will have
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 467) the same inode numbers) and inode numbers may be persistent,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 468) note that the server does not guarantee that the inode numbers
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 469) are unique if multiple server side mounts are exported under a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 470) single share (since inode numbers on the servers might not
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 471) be unique if multiple filesystems are mounted under the same
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 472) shared higher level directory). Note that some older
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 473) (e.g. pre-Windows 2000) do not support returning UniqueIDs
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 474) or the CIFS Unix Extensions equivalent and for those
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 475) this mount option will have no effect. Exporting cifs mounts
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 476) under nfsd requires this mount option on the cifs mount.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 477) This is now the default if server supports the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 478) required network operation.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 479) noserverino
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 480) Client generates inode numbers (rather than using the actual one
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 481) from the server). These inode numbers will vary after
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 482) unmount or reboot which can confuse some applications,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 483) but not all server filesystems support unique inode
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 484) numbers.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 485) setuids
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 486) If the CIFS Unix extensions are negotiated with the server
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 487) the client will attempt to set the effective uid and gid of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 488) the local process on newly created files, directories, and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 489) devices (create, mkdir, mknod). If the CIFS Unix Extensions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 490) are not negotiated, for newly created files and directories
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 491) instead of using the default uid and gid specified on
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 492) the mount, cache the new file's uid and gid locally which means
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 493) that the uid for the file can change when the inode is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 494) reloaded (or the user remounts the share).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 495) nosetuids
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 496) The client will not attempt to set the uid and gid on
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 497) on newly created files, directories, and devices (create,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 498) mkdir, mknod) which will result in the server setting the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 499) uid and gid to the default (usually the server uid of the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 500) user who mounted the share). Letting the server (rather than
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 501) the client) set the uid and gid is the default. If the CIFS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 502) Unix Extensions are not negotiated then the uid and gid for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 503) new files will appear to be the uid (gid) of the mounter or the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 504) uid (gid) parameter specified on the mount.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 505) netbiosname
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 506) When mounting to servers via port 139, specifies the RFC1001
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 507) source name to use to represent the client netbios machine
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 508) name when doing the RFC1001 netbios session initialize.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 509) direct
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 510) Do not do inode data caching on files opened on this mount.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 511) This precludes mmapping files on this mount. In some cases
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 512) with fast networks and little or no caching benefits on the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 513) client (e.g. when the application is doing large sequential
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 514) reads bigger than page size without rereading the same data)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 515) this can provide better performance than the default
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 516) behavior which caches reads (readahead) and writes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 517) (writebehind) through the local Linux client pagecache
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 518) if oplock (caching token) is granted and held. Note that
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 519) direct allows write operations larger than page size
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 520) to be sent to the server.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 521) strictcache
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 522) Use for switching on strict cache mode. In this mode the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 523) client read from the cache all the time it has Oplock Level II,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 524) otherwise - read from the server. All written data are stored
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 525) in the cache, but if the client doesn't have Exclusive Oplock,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 526) it writes the data to the server.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 527) rwpidforward
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 528) Forward pid of a process who opened a file to any read or write
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 529) operation on that file. This prevent applications like WINE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 530) from failing on read and write if we use mandatory brlock style.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 531) acl
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 532) Allow setfacl and getfacl to manage posix ACLs if server
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 533) supports them. (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 534) noacl
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 535) Do not allow setfacl and getfacl calls on this mount
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 536) user_xattr
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 537) Allow getting and setting user xattrs (those attributes whose
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 538) name begins with ``user.`` or ``os2.``) as OS/2 EAs (extended
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 539) attributes) to the server. This allows support of the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 540) setfattr and getfattr utilities. (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 541) nouser_xattr
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 542) Do not allow getfattr/setfattr to get/set/list xattrs
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 543) mapchars
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 544) Translate six of the seven reserved characters (not backslash)::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 545)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 546) *?<>|:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 547)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 548) to the remap range (above 0xF000), which also
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 549) allows the CIFS client to recognize files created with
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 550) such characters by Windows's POSIX emulation. This can
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 551) also be useful when mounting to most versions of Samba
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 552) (which also forbids creating and opening files
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 553) whose names contain any of these seven characters).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 554) This has no effect if the server does not support
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 555) Unicode on the wire.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 556) nomapchars
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 557) Do not translate any of these seven characters (default).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 558) nocase
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 559) Request case insensitive path name matching (case
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 560) sensitive is the default if the server supports it).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 561) (mount option ``ignorecase`` is identical to ``nocase``)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 562) posixpaths
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 563) If CIFS Unix extensions are supported, attempt to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 564) negotiate posix path name support which allows certain
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 565) characters forbidden in typical CIFS filenames, without
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 566) requiring remapping. (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 567) noposixpaths
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 568) If CIFS Unix extensions are supported, do not request
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 569) posix path name support (this may cause servers to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 570) reject creatingfile with certain reserved characters).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 571) nounix
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 572) Disable the CIFS Unix Extensions for this mount (tree
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 573) connection). This is rarely needed, but it may be useful
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 574) in order to turn off multiple settings all at once (ie
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 575) posix acls, posix locks, posix paths, symlink support
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 576) and retrieving uids/gids/mode from the server) or to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 577) work around a bug in server which implement the Unix
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 578) Extensions.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 579) nobrl
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 580) Do not send byte range lock requests to the server.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 581) This is necessary for certain applications that break
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 582) with cifs style mandatory byte range locks (and most
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 583) cifs servers do not yet support requesting advisory
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 584) byte range locks).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 585) forcemandatorylock
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 586) Even if the server supports posix (advisory) byte range
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 587) locking, send only mandatory lock requests. For some
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 588) (presumably rare) applications, originally coded for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 589) DOS/Windows, which require Windows style mandatory byte range
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 590) locking, they may be able to take advantage of this option,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 591) forcing the cifs client to only send mandatory locks
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 592) even if the cifs server would support posix advisory locks.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 593) ``forcemand`` is accepted as a shorter form of this mount
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 594) option.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 595) nostrictsync
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 596) If this mount option is set, when an application does an
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 597) fsync call then the cifs client does not send an SMB Flush
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 598) to the server (to force the server to write all dirty data
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 599) for this file immediately to disk), although cifs still sends
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 600) all dirty (cached) file data to the server and waits for the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 601) server to respond to the write. Since SMB Flush can be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 602) very slow, and some servers may be reliable enough (to risk
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 603) delaying slightly flushing the data to disk on the server),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 604) turning on this option may be useful to improve performance for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 605) applications that fsync too much, at a small risk of server
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 606) crash. If this mount option is not set, by default cifs will
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 607) send an SMB flush request (and wait for a response) on every
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 608) fsync call.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 609) nodfs
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 610) Disable DFS (global name space support) even if the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 611) server claims to support it. This can help work around
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 612) a problem with parsing of DFS paths with Samba server
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 613) versions 3.0.24 and 3.0.25.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 614) remount
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 615) remount the share (often used to change from ro to rw mounts
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 616) or vice versa)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 617) cifsacl
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 618) Report mode bits (e.g. on stat) based on the Windows ACL for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 619) the file. (EXPERIMENTAL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 620) servern
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 621) Specify the server 's netbios name (RFC1001 name) to use
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 622) when attempting to setup a session to the server.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 623) This is needed for mounting to some older servers (such
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 624) as OS/2 or Windows 98 and Windows ME) since they do not
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 625) support a default server name. A server name can be up
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 626) to 15 characters long and is usually uppercased.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 627) sfu
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 628) When the CIFS Unix Extensions are not negotiated, attempt to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 629) create device files and fifos in a format compatible with
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 630) Services for Unix (SFU). In addition retrieve bits 10-12
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 631) of the mode via the SETFILEBITS extended attribute (as
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 632) SFU does). In the future the bottom 9 bits of the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 633) mode also will be emulated using queries of the security
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 634) descriptor (ACL).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 635) mfsymlinks
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 636) Enable support for Minshall+French symlinks
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 637) (see http://wiki.samba.org/index.php/UNIX_Extensions#Minshall.2BFrench_symlinks)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 638) This option is ignored when specified together with the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 639) 'sfu' option. Minshall+French symlinks are used even if
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 640) the server supports the CIFS Unix Extensions.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 641) sign
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 642) Must use packet signing (helps avoid unwanted data modification
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 643) by intermediate systems in the route). Note that signing
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 644) does not work with lanman or plaintext authentication.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 645) seal
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 646) Must seal (encrypt) all data on this mounted share before
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 647) sending on the network. Requires support for Unix Extensions.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 648) Note that this differs from the sign mount option in that it
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 649) causes encryption of data sent over this mounted share but other
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 650) shares mounted to the same server are unaffected.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 651) locallease
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 652) This option is rarely needed. Fcntl F_SETLEASE is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 653) used by some applications such as Samba and NFSv4 server to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 654) check to see whether a file is cacheable. CIFS has no way
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 655) to explicitly request a lease, but can check whether a file
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 656) is cacheable (oplocked). Unfortunately, even if a file
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 657) is not oplocked, it could still be cacheable (ie cifs client
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 658) could grant fcntl leases if no other local processes are using
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 659) the file) for cases for example such as when the server does not
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 660) support oplocks and the user is sure that the only updates to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 661) the file will be from this client. Specifying this mount option
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 662) will allow the cifs client to check for leases (only) locally
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 663) for files which are not oplocked instead of denying leases
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 664) in that case. (EXPERIMENTAL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 665) sec
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 666) Security mode. Allowed values are:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 667)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 668) none
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 669) attempt to connection as a null user (no name)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 670) krb5
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 671) Use Kerberos version 5 authentication
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 672) krb5i
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 673) Use Kerberos authentication and packet signing
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 674) ntlm
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 675) Use NTLM password hashing (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 676) ntlmi
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 677) Use NTLM password hashing with signing (if
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 678) /proc/fs/cifs/PacketSigningEnabled on or if
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 679) server requires signing also can be the default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 680) ntlmv2
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 681) Use NTLMv2 password hashing
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 682) ntlmv2i
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 683) Use NTLMv2 password hashing with packet signing
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 684) lanman
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 685) (if configured in kernel config) use older
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 686) lanman hash
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 687) hard
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 688) Retry file operations if server is not responding
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 689) soft
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 690) Limit retries to unresponsive servers (usually only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 691) one retry) before returning an error. (default)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 692)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 693) The mount.cifs mount helper also accepts a few mount options before -o
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 694) including:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 695)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 696) =============== ===============================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 697) -S take password from stdin (equivalent to setting the environment
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 698) variable ``PASSWD_FD=0``
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 699) -V print mount.cifs version
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 700) -? display simple usage information
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 701) =============== ===============================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 702)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 703) With most 2.6 kernel versions of modutils, the version of the cifs kernel
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 704) module can be displayed via modinfo.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 705)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 706) Misc /proc/fs/cifs Flags and Debug Info
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 707) =======================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 708)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 709) Informational pseudo-files:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 710)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 711) ======================= =======================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 712) DebugData Displays information about active CIFS sessions and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 713) shares, features enabled as well as the cifs.ko
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 714) version.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 715) Stats Lists summary resource usage information as well as per
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 716) share statistics.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 717) ======================= =======================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 718)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 719) Configuration pseudo-files:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 720)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 721) ======================= =======================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 722) SecurityFlags Flags which control security negotiation and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 723) also packet signing. Authentication (may/must)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 724) flags (e.g. for NTLM and/or NTLMv2) may be combined with
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 725) the signing flags. Specifying two different password
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 726) hashing mechanisms (as "must use") on the other hand
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 727) does not make much sense. Default flags are::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 728)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 729) 0x07007
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 730)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 731) (NTLM, NTLMv2 and packet signing allowed). The maximum
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 732) allowable flags if you want to allow mounts to servers
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 733) using weaker password hashes is 0x37037 (lanman,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 734) plaintext, ntlm, ntlmv2, signing allowed). Some
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 735) SecurityFlags require the corresponding menuconfig
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 736) options to be enabled (lanman and plaintext require
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 737) CONFIG_CIFS_WEAK_PW_HASH for example). Enabling
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 738) plaintext authentication currently requires also
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 739) enabling lanman authentication in the security flags
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 740) because the cifs module only supports sending
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 741) laintext passwords using the older lanman dialect
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 742) form of the session setup SMB. (e.g. for authentication
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 743) using plain text passwords, set the SecurityFlags
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 744) to 0x30030)::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 745)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 746) may use packet signing 0x00001
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 747) must use packet signing 0x01001
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 748) may use NTLM (most common password hash) 0x00002
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 749) must use NTLM 0x02002
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 750) may use NTLMv2 0x00004
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 751) must use NTLMv2 0x04004
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 752) may use Kerberos security 0x00008
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 753) must use Kerberos 0x08008
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 754) may use lanman (weak) password hash 0x00010
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 755) must use lanman password hash 0x10010
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 756) may use plaintext passwords 0x00020
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 757) must use plaintext passwords 0x20020
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 758) (reserved for future packet encryption) 0x00040
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 759)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 760) cifsFYI If set to non-zero value, additional debug information
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 761) will be logged to the system error log. This field
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 762) contains three flags controlling different classes of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 763) debugging entries. The maximum value it can be set
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 764) to is 7 which enables all debugging points (default 0).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 765) Some debugging statements are not compiled into the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 766) cifs kernel unless CONFIG_CIFS_DEBUG2 is enabled in the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 767) kernel configuration. cifsFYI may be set to one or
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 768) nore of the following flags (7 sets them all)::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 769)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 770) +-----------------------------------------------+------+
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 771) | log cifs informational messages | 0x01 |
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 772) +-----------------------------------------------+------+
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 773) | log return codes from cifs entry points | 0x02 |
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 774) +-----------------------------------------------+------+
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 775) | log slow responses | 0x04 |
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 776) | (ie which take longer than 1 second) | |
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 777) | | |
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 778) | CONFIG_CIFS_STATS2 must be enabled in .config | |
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 779) +-----------------------------------------------+------+
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 780)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 781) traceSMB If set to one, debug information is logged to the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 782) system error log with the start of smb requests
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 783) and responses (default 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 784) LookupCacheEnable If set to one, inode information is kept cached
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 785) for one second improving performance of lookups
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 786) (default 1)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 787) LinuxExtensionsEnabled If set to one then the client will attempt to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 788) use the CIFS "UNIX" extensions which are optional
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 789) protocol enhancements that allow CIFS servers
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 790) to return accurate UID/GID information as well
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 791) as support symbolic links. If you use servers
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 792) such as Samba that support the CIFS Unix
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 793) extensions but do not want to use symbolic link
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 794) support and want to map the uid and gid fields
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 795) to values supplied at mount (rather than the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 796) actual values, then set this to zero. (default 1)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 797) ======================= =======================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 798)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 799) These experimental features and tracing can be enabled by changing flags in
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 800) /proc/fs/cifs (after the cifs module has been installed or built into the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 801) kernel, e.g. insmod cifs). To enable a feature set it to 1 e.g. to enable
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 802) tracing to the kernel message log type::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 803)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 804) echo 7 > /proc/fs/cifs/cifsFYI
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 805)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 806) cifsFYI functions as a bit mask. Setting it to 1 enables additional kernel
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 807) logging of various informational messages. 2 enables logging of non-zero
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 808) SMB return codes while 4 enables logging of requests that take longer
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 809) than one second to complete (except for byte range lock requests).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 810) Setting it to 4 requires CONFIG_CIFS_STATS2 to be set in kernel configuration
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 811) (.config). Setting it to seven enables all three. Finally, tracing
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 812) the start of smb requests and responses can be enabled via::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 813)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 814) echo 1 > /proc/fs/cifs/traceSMB
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 815)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 816) Per share (per client mount) statistics are available in /proc/fs/cifs/Stats.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 817) Additional information is available if CONFIG_CIFS_STATS2 is enabled in the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 818) kernel configuration (.config). The statistics returned include counters which
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 819) represent the number of attempted and failed (ie non-zero return code from the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 820) server) SMB3 (or cifs) requests grouped by request type (read, write, close etc.).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 821) Also recorded is the total bytes read and bytes written to the server for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 822) that share. Note that due to client caching effects this can be less than the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 823) number of bytes read and written by the application running on the client.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 824) Statistics can be reset to zero by ``echo 0 > /proc/fs/cifs/Stats`` which may be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 825) useful if comparing performance of two different scenarios.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 826)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 827) Also note that ``cat /proc/fs/cifs/DebugData`` will display information about
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 828) the active sessions and the shares that are mounted.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 829)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 830) Enabling Kerberos (extended security) works but requires version 1.2 or later
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 831) of the helper program cifs.upcall to be present and to be configured in the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 832) /etc/request-key.conf file. The cifs.upcall helper program is from the Samba
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 833) project(https://www.samba.org). NTLM and NTLMv2 and LANMAN support do not
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 834) require this helper. Note that NTLMv2 security (which does not require the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 835) cifs.upcall helper program), instead of using Kerberos, is sufficient for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 836) some use cases.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 837)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 838) DFS support allows transparent redirection to shares in an MS-DFS name space.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 839) In addition, DFS support for target shares which are specified as UNC
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 840) names which begin with host names (rather than IP addresses) requires
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 841) a user space helper (such as cifs.upcall) to be present in order to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 842) translate host names to ip address, and the user space helper must also
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 843) be configured in the file /etc/request-key.conf. Samba, Windows servers and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 844) many NAS appliances support DFS as a way of constructing a global name
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 845) space to ease network configuration and improve reliability.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 846)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 847) To use cifs Kerberos and DFS support, the Linux keyutils package should be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 848) installed and something like the following lines should be added to the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 849) /etc/request-key.conf file::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 850)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 851) create cifs.spnego * * /usr/local/sbin/cifs.upcall %k
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 852) create dns_resolver * * /usr/local/sbin/cifs.upcall %k
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 853)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 854) CIFS kernel module parameters
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 855) =============================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 856) These module parameters can be specified or modified either during the time of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 857) module loading or during the runtime by using the interface::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 858)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 859) /proc/module/cifs/parameters/<param>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 860)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 861) i.e.::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 862)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 863) echo "value" > /sys/module/cifs/parameters/<param>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 864)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 865) ================= ==========================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 866) 1. enable_oplocks Enable or disable oplocks. Oplocks are enabled by default.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 867) [Y/y/1]. To disable use any of [N/n/0].
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 868) ================= ==========================================================
Orange Pi5 kernel
Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards
3 Commits
0 Branches
0 Tags